Advertisements

"Reed L. O'Brien" <> writes:
> I see rotor was removed for 2.4 and the docs say use an AES module
> provided separately... Is there a standard module that works alike or
> an AES module that works alike but with better encryption?

If you mean a module in the distribution, the answer is no, for
political reasons.

There are a number of AES modules available on the net. Most are C
extension modules which means you need to compile them, and if you
want to deploy them widely, you need binaries for every target platform.
There's a few pure-Python AES implementations but they are verrry slow.

Here's something written in Python that uses the built-in sha1 module
as a crypto primitive. Its security should be better than rotor and
performance is reasonable for most applications:

Advertisements

Paul Rubin wrote:
> "Reed L. O'Brien" <> writes:
>
>>I see rotor was removed for 2.4 and the docs say use an AES module
>>provided separately... Is there a standard module that works alike or
>>an AES module that works alike but with better encryption?
>
>
> If you mean a module in the distribution, the answer is no, for
> political reasons.
>
......I'm also missing the rotor module and regret that something useful
was warned about and now removed with no plugin replacement.

I had understood that this was because rotor was insecure, but you
mention politics. Are other useful modules to suffer from politics?

What exactly are/were the political reasons for rotor removal?

I might add that the source for rotormodule is still easily obtainable
and can be compiled trivially as an extension for Python-2.4. Does the
Python community take a position on the sources of removed modules?
--
Robin Becker

Some countries have laws about cryptography software (against some
combination of export, import, or use). The Python maintainers didn't
want to deal with imagined legal hassles that might develop from
including good crypto functions in the distribution. Then it became
obvious that the same imagined hassles could also befall the rotor
module, so that was removed.
> I might add that the source for rotormodule is still easily obtainable
> and can be compiled trivially as an extension for Python-2.4. Does the
> Python community take a position on the sources of removed modules?

Those are still free to distribute, but I'd advise against doing so
with the rotor module unless you absolutely need it for some
interoperability purpose. Otherwise, it's insecure and should not be
used. The routine I posted was intended as a straightforward
replacement for the rotor module that doesn't depend on C compilers
and is reasonably secure. If you don't mind using C extensions,
there's various AES modules available, plus fancier packages like
mxCrypto.

Robin Becker <> writes:
>Paul Rubin wrote:
>.....I'm also missing the rotor module and regret that something useful
>was warned about and now removed with no plugin replacement.

Hm, yes. Here is a (rather slow) replacement:

"""This module is derived from Modules/rotormodule.c and translated
into Python. I have appended the Copyright by Lance Ellinghouse
below. The rotor module has been removed from the Python 2.4
distribution because

the rotor module uses an insecure algorithm and is deprecated.
==============================================================

Of course, this does still hold. However, I think this module might
be used and adapted for demonstration purposes and might help some
poor users who have encrypted (or obfuscated) some old stuff with
the rotor module and have no access to older Python versions any
more.

Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of Lance Ellinghouse
not be used in advertising or publicity pertaining to distribution
of the software without specific, written prior permission.

LANCE ELLINGHOUSE DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS, IN NO EVENT SHALL LANCE ELLINGHOUSE BE LIABLE FOR ANY SPECIAL,
INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#####################################################################
"""

def get_rotors(self, do_decrypt):
# Return a tuple (size, nr, rotors, positions) where
# - size is the rotor size (== 256, because of 8-bit bytes)
# - nr is the number of rotors.
# - rotors is a tuple of nr encrypt or nr decrypt rotors
# for do_decrypt == 0 or do_decrypt == 1 respectively.
# - postions is a list of nr "rotor positions".
#
# The rotors represent the static aspect of the rotor machine which
# is initially computed from key and fixed during en/decryption.
# A rotor is a random permutation of range(size) extended
# by an "increment value" in range(size).
#
# The followng statements hold for a tuple of encrypt rotors E and
# and the corresponding tuple of decrypt rotors D.
#
# D[E[j]] == j for i in range(nr) for j in range(size)
#
# E[D[j]] == j for i in range(nr) for j in range(size)
#
# This means that the corresponding rotors E and D are
# inverse permutations.
# The increments are equal for the corresponding encrypt and
# decrypt rotors and have an odd value:
#
# D[size] == E[size] and E[size] == 1 mod 2 and
# 0 < E[size] < size for i in range(nr)
#
# The position vector represents the dynamic aspect.
# It changes after each en/decrypted character (the rotors
# are "advanced"). The initial position vector is also computed
# from the key
#
nr = self.n_rotors
rotors = self.rotors
positions = self.positions[do_decrypt]

Robin Becker <> wrote:
> Paul Rubin wrote:
> > "Reed L. O'Brien" <> writes:
> >
> >>I see rotor was removed for 2.4 and the docs say use an AES module
> >>provided separately... Is there a standard module that works alike or
> >>an AES module that works alike but with better encryption?
> >
> >
> > If you mean a module in the distribution, the answer is no, for
> > political reasons.
> >
> .....I'm also missing the rotor module and regret that something useful
> was warned about and now removed with no plugin replacement.
>
> I had understood that this was because rotor was insecure, but you
> mention politics. Are other useful modules to suffer from politics?
>
> What exactly are/were the political reasons for rotor removal?

Presumably he is talking about crypo-export rules. In the past strong
cryptography has been treated as munitions, and as such exporting it
(especially from the USA) could have got you into very serious
trouble.

However I believe those restrictions have been lifted (the cat having
been let out of the bag somewhat ;-), and its easy to do this for open
source encryption software. A wade through

A case in point: the linux 2.6 kernel is chock full of crypo and comes
with implementations of AES, ARC4, Blowfish, Cast5+6, DES, Serpent,
Twofish, TEA, etc. The linux kernel+source surely goes everywhere
python does so I don't think adding strong crypto modules to python is
a problem now-a-days.

AES in the core python library would be very useful and it would
discourage people from writing their own crypto routines (looks easy
but isn't!)

I understand this to be true. Since I am trying to address encryption
in the zipfile module, and I know you actually follow a bit of the
encryption stuff, can you answer a question or two for me?
> The Python maintainers didn't want to deal with imagined legal hassles
> that might develop from including good crypto functions in the
> distribution. Then it became obvious that the same imagined hassles
> could also befall the rotor module, so that was removed.

Are you saying these hassles are, in fact, imaginary rather than real?
Is this because you feel python is over-cautious about the USA, or is
this an opinion on "essentially all countries?" This is not a quibble
or a kvetch; I would like your understanding about the world legal
state of dealing with encryption (which, I assure you, I won't take as
definitive). I would hate to think someone in, for example, the UAE,
was busted for downloading or republishing python "out-of-the-box."

Don't get me wrong, I'd love the answer to be "sure its fine," but my
current plans are to provide a way to connect a crypto package to
zipfile without providing any such package myself.

Scott David Daniels <> writes:
> I understand this to be true. Since I am trying to address encryption
> in the zipfile module, and I know you actually follow a bit of the
> encryption stuff, can you answer a question or two for me?

Sure, I can try, so go ahead. There's more crypto expertise in
sci.crypt though.

Zipfile encryption is totally incompatible with the rotor module, by
the way, and traditionally it didn't use AES. There are a couple of
replacements for the traditional method that do use AES but that I
think are somewhat incompatible with each other.
> > The Python maintainers didn't want to deal with imagined legal hassles
> > that might develop from including good crypto functions in the
> > distribution. Then it became obvious that the same imagined hassles
> > could also befall the rotor module, so that was removed.
>
> Are you saying these hassles are, in fact, imaginary rather than real?

Well, I didn't want to say that the hassles were real, but I wasn't
trying to insinuate quite as much as it may have sounded. Like, I
don't drive my car at 100 mph on Main Street because I can imagine
what would happen and it's not pretty. The imagined carnage is a good
enough reason not to drive that way. However, I do feel that the
Python distributors are being over-cautious, see below.
> Is this because you feel python is over-cautious about the USA, or is
> this an opinion on "essentially all countries?" This is not a quibble
> or a kvetch; I would like your understanding about the world legal
> state of dealing with encryption (which, I assure you, I won't take as
> definitive). I would hate to think someone in, for example, the UAE,
> was busted for downloading or republishing python "out-of-the-box."

I think the Python maintainers were more concerned about that UAE
situation. However, the most widely deployed encryption software is
the SSL stack in just about every web browser (MSIE, Firefox, etc.)
and I'm sure lots of people are using those browsers in the UAE. The
Mozilla foundation isn't hestitating to ship the encryption as far as
I can tell.

See http://www.bxa.doc.gov/Encryption for the USA rules. Basically
for a free encryption program on the web, you're supposed to notify
the Dept. of Commerce by sending them an email when you publish it,
telling them where they can get it (address is on that site). As far
as anyone can tell, the DOC never does anything with those emails.
The rules are more complicated for nonpublished commercial programs,
crypto hardware, etc.
> Don't get me wrong, I'd love the answer to be "sure its fine," but my
> current plans are to provide a way to connect a crypto package to
> zipfile without providing any such package myself.

I'd say provide a package if you can, unless you have realistic
concern about getting in trouble.

Nick Craig-Wood wrote:
> Robin Becker <> wrote:
>
>> Paul Rubin wrote:
>>
>>>"Reed L. O'Brien" <> writes:
>>>
>>>
>>>>I see rotor was removed for 2.4 and the docs say use an AES module
>>>>provided separately... Is there a standard module that works alike or
>>>>an AES module that works alike but with better encryption?
>>>
>>>
>>>If you mean a module in the distribution, the answer is no, for
>>>political reasons.
>>>
>>
>> .....I'm also missing the rotor module and regret that something useful
>> was warned about and now removed with no plugin replacement.
>>
>> I had understood that this was because rotor was insecure, but you
>> mention politics. Are other useful modules to suffer from politics?
>>
....
> Presumably he is talking about crypo-export rules. In the past strong
> cryptography has been treated as munitions, and as such exporting it
> (especially from the USA) could have got you into very serious
> trouble.

well since rotor is a german (1930's) invention it is a bit late for
Amricans (Hollywood notwithstanding) to be worried about its export
> However I believe those restrictions have been lifted (the cat having
> been let out of the bag somewhat ;-), and its easy to do this for open
> source encryption software. A wade through
>

Robin Becker wrote:
>> Presumably he is talking about crypo-export rules. In the past strong
>> cryptography has been treated as munitions, and as such exporting it
>> (especially from the USA) could have got you into very serious
>> trouble.
>
So Python is an American Language and must obey American Law. Luckily I
seem to have escaped that fate.
--
Robin Becker

Robin Becker <> writes:
> > Presumably he is talking about crypo-export rules. In the past strong
> > cryptography has been treated as munitions, and as such exporting it
> > (especially from the USA) could have got you into very serious
> > trouble.
>
> well since rotor is a german (1930's) invention it is a bit late for
> Amricans (Hollywood notwithstanding) to be worried about its export

1. I think the concern was not about exporting from the US, but rather
importing into some countries that restrict the use of crypto. But
the cat is out of the bag on that one too. Just about every web
browser includes an SSL stack and those browsers are in use
everywhere.

2. It's irrelevant for the purpose of export rules how old an
invention is or where it was invented. I don't know where machine
guns were invented, but they're at least 100 years old and you can't
export those without a license either. My gripe with the crypto rules
are not about the age or nationality of crypto rotor machines (rotor
is not a clone of the Enigma by the way; it just operates on related
principles) but rather on the control of information in general.
Exporting a machine gun is much different from publishing a
description of one. Software is just a precise type of description.

On 19 Jan 2005 17:09:19 -0800, Paul Rubin <http://> wrote:
>Robin Becker <> writes:
>> > Presumably he is talking about crypo-export rules. In the past strong
>> > cryptography has been treated as munitions, and as such exporting it
>> > (especially from the USA) could have got you into very serious
>> > trouble.
>>
>> well since rotor is a german (1930's) invention it is a bit late for
>> Amricans (Hollywood notwithstanding) to be worried about its export
>
>1. I think the concern was not about exporting from the US, but rather
>importing into some countries that restrict the use of crypto. But
>the cat is out of the bag on that one too. Just about every web
>browser includes an SSL stack and those browsers are in use
>everywhere.
Isn't the SSL dependent on OS or at least shared lib support?
Wasn't there a default 40-bit version that was ok (weak), but you had
to declare yourself US resident to download 128-bit support?
I dimly recall encountering this sort of thing installing Netscape
a long time ago, I think. Is 128 just standard now? And now that 128
is wobbly(?), will the same thing be replayed with the ante upped?
>
>2. It's irrelevant for the purpose of export rules how old an
>invention is or where it was invented. I don't know where machine
>guns were invented, but they're at least 100 years old and you can't
>export those without a license either. My gripe with the crypto rules
>are not about the age or nationality of crypto rotor machines (rotor
>is not a clone of the Enigma by the way; it just operates on related
>principles) but rather on the control of information in general.
I can easily conceive of information that I'd rather not see publicized
without severe access controls. But in general I do believe in open sharing
of free information as the most productive for everyone.
>Exporting a machine gun is much different from publishing a
>description of one. Software is just a precise type of description.
Yeah, but ... ;-)

Firefox has its own implementation. IE uses wininet which is built
Windows. I'm not aware of any no-crypto version of Windows but even
if there is one, the US version is running, like, everywhere.
> Wasn't there a default 40-bit version that was ok (weak), but you had
> to declare yourself US resident to download 128-bit support?

That was years ago. The regulations changed since then, so they all
have 128 bits now.
> I dimly recall encountering this sort of thing installing Netscape
> a long time ago, I think. Is 128 just standard now? And now that 128
> is wobbly(?), will the same thing be replayed with the ante upped?

128 isn't wobbly. It will be a long time before any machine can do
2**128 operations to break a message.

Paul Rubin schrieb:
>>Wasn't there a default 40-bit version that was ok (weak), but you had
>>to declare yourself US resident to download 128-bit support?
>
>
> That was years ago. The regulations changed since then, so they all
> have 128 bits now.

Perhaps the NSA has found a way to handle 128bit in the meantime.
But this is unlikely because there is no export regulation to ban
512bit as far as I know

Peter Maas wrote:
> Paul Rubin schrieb:
>
>>> Wasn't there a default 40-bit version that was ok (weak), but you had
>>> to declare yourself US resident to download 128-bit support?
>>
>>
>>
>> That was years ago. The regulations changed since then, so they all
>> have 128 bits now.
>
>
> Perhaps the NSA has found a way to handle 128bit in the meantime.
> But this is unlikely because there is no export regulation to ban
> 512bit as far as I know
>

Apparently factorization based crypto is on the way out anyhow (as an
article in Scientific American is reported to claim).

Robin Becker <> writes:
> Apparently factorization based crypto is on the way out anyhow (as an
> article in Scientific American is reported to claim).

I haven't seen that SA article but I saw the Slashdot blurb. They
have confused "quantum cryptography" with quantum computation, when
they are entirely different things. Quantum cryptography (basically
communicating a message over an optical fiber in such a way that any
attempt to eavesdrop is supposed destroy the readability of the
message) has been done over quite long distances, 10's of km or even
more. Quantum computation is mostly a theoretical speculation. The
largest quantum computer ever built held seven bits, and factored the
number 15 into its factors 3 and 5. Building larger ones seems to
have complexity exponential in the number of bits, which is not too
much better than using an exponential-time algorithm on a conventional
computer. It's not even known in theory whether quantum computing is
possible on a significant scale. There are just some theorems about
what properties such a computer would have, if it can exist. One of
them, however, is being able to factor in P-time, and that caused
lots of excitement.

Paul Rubin wrote:
> Some countries have laws about cryptography software (against some
> combination of export, import, or use). The Python maintainers didn't
> want to deal with imagined legal hassles that might develop from
> including good crypto functions in the distribution. Then it became
> obvious that the same imagined hassles could also befall the rotor
> module, so that was removed.

Do you know this for a fact? The PSF does comply with the U.S. American
export procedures for crypto code, and reports the crypto code in
Python appropriately to BXA.

Guest

"Martin v. LÃ¶wis" <> writes:
> > Some countries have laws about cryptography software (against some
> > combination of export, import, or use). The Python maintainers didn't
> > want to deal with imagined legal hassles that might develop from
> > including good crypto functions in the distribution. Then it became
> > obvious that the same imagined hassles could also befall the rotor
> > module, so that was removed.
>
> Do you know this for a fact?

I'm going by newsgroup messages from around the time that I was
proposing to put together a standard block cipher module for Python.
> The PSF does comply with the U.S. American export procedures for
> crypto code, and reports the crypto code in Python appropriately to BXA.

Since rotor was removed, there is no crypto code in Python that needs
reporting.

ldomain wrote:
>>Do you know this for a fact?
>
>
> I'm going by newsgroup messages from around the time that I was
> proposing to put together a standard block cipher module for Python.

Ah, newsgroup messages. Anybody could respond, whether they have insight
or not.
>>The PSF does comply with the U.S. American export procedures for
>>crypto code, and reports the crypto code in Python appropriately to BXA.
>
>
> Since rotor was removed, there is no crypto code in Python that needs
> reporting.

We have released different versions of Python in the past. For Python
2.2, a report about the rotor module was sent to BXA.

Share This Page

Welcome to The Coding Forums!

Welcome to the Coding Forums, the place to chat about anything related to programming and coding languages.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to ask questions about coding or chat with the community and help others.
Sign up now!